“Pull your Exchange, Fortinet, and SonicWall inventory right now and build a patch priority list based on which devices face the internet or handle sensitive auth.”
Exchange Server CVE-2026-42897 Spoofing Flaw on CISA KEV — Only Actively Exploited Issue in June Patch Tuesday
CVE-2026-42897, a CVSS 8.1 Exchange Server spoofing vulnerability, is the sole actively exploited issue from the June 2026 Patch Tuesday cycle and is listed on the CISA KEV catalog. Security teams should patch Exchange first within this cycle; users should also be warned about suspicious Office/Word documents given related social-engineering campaigns observed alongside Exchange exploitation. The June cycle also patched critical Hyper-V out-of-bounds read flaws (CVE-2026-47652, CVE-2026-45641, CVE-2026-45607) and four critical RDP Client CVEs requiring immediate attention.
Microsoft Edge CVE-2026-57983 Security Feature Bypass — Patch Promptly on Privileged Endpoints
Microsoft disclosed CVE-2026-57983, a security feature bypass in Chromium-based Edge, with limited public technical detail as of 3 July 2026; no confirmed in-the-wild exploitation has been reported but the vulnerability is real and patched. Security feature bypasses are catalytic when paired with phishing or post-exploitation tradecraft, so risk is highest on administrator and helpdesk machines. MSPs should verify Edge build versions across all managed endpoints and ensure update deferral policies are not blocking the latest Stable Channel release.
CRITICAL: 'FortiBleed' — 86,644 Fortinet Firewall Credential Sets Leaked Across 194 Countries
A Russian-speaking criminal crew published working administrator and VPN credentials for roughly half of all internet-facing Fortinet devices globally in what is being called 'FortiBleed'; CISA, the UK NCSC, and Fortinet's own PSIRT issued emergency guidance within six days of researchers flagging the cache in mid-June 2026. Fortinet states no new vulnerability was exploited: attackers weaponised weak passwords and legacy hash storage from previously compromised configuration files accumulated over years of prior exploitation campaigns. Immediate action: assume compromise on any FortiGate that was ever internet-exposed, rotate all credentials, and enforce MFA before hunting for IOCs.
SonicWall SMA1000 SQL Injection CVE-2026-4112 — Admin Privilege Escalation Patched
SonicWall patched four vulnerabilities in SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection flaw that allows an attacker with read-only admin privileges to escalate to primary admin rights. Three additional issues in the same batch allow SSL VPN credential enumeration and TOTP authentication bypass; SonicWall has not confirmed any in-the-wild exploitation but urges immediate patching. Update SMA1000 appliances to the latest firmware version without delay.
Written from 12 years on the helpdesk floor. Always free.